const {verify} = require('jsonwebtoken');
module.exports = function(options,app){
   return async function(ctx,next){//ctx 上下文 next调用下一个中间
        const token = ctx.get('authorization'); 
        if(token){
            const user = verify(token,app.config.jwtSecret);
            if(user){
                let resourceList = user.resourceList;
                let findItem = resourceList.find(item=>item.key == ctx.url);
                if(findItem){
                    ctx.session.user = user;
                    await next();
                }else{
                    ctx.status = 401;
                    ctx.body = {code:1,error:'你无权访问此路径!'};
                }
              
            }else{
                ctx.status = 401;
                ctx.body = {code:1,error:'token不合法!'};
            }
        }else{
            ctx.status = 401;
            ctx.body = {code:1,error:'token不存在!'};
        }
   }
}